Blocking URLs is a powerful use case for organizations operating with web browsing apps and end users. Think schools, retail displays, and anywhere you need users to access the Internet. On one hand, you want to give users the freedom to access the websites they need, but you don’t want to expose your infrastructure to illicit or nefarious websites on your devices.
Restrict web search capabilities with JSON and App Configurations.
In this article:
Block URLs with JSON (v.86+)
In this example, we’ll create a block list and allow list (previously known as a blacklist and whitelist) for the Google Chrome app.
Step 1: Select the Group or Devices.
To get started, go to the Group or Device you want to configure. Then, click on the Apps tab.
Step 2: Configure the app.
Locate the Google Chrome app and ensure it’s in the “Show” state.
Next, click on the ellipsis (...) and select Managed Configurations. This is also where you can toggle the App State if it's in the “Hide” state by selecting Set App State.
Step 3: Input JSON.
In the Managed Configurations modal, click Edit.
Then input the following JSON:
{
"URLBlocklist": [
"*"
],
"URLAllowlist": [
"https://www.website1.com",
"https://www.website2.com",
"https://www.website3.com"
],
"HomepageLocation": "https://esper.io",
"ForceGoogleSafeSearch": "true",
"IncognitoModeAvailability": "1"
}
In this example, we’ve blocked every site except the three examples explicitly listed above. This probably isn’t your desired behavior. If your organization keeps a list of allowed and blocked sites, this is where you can copy and paste it. Remember to update this JSON code as your needs change.
Step 3: Test the blocklist and allowlist.
Once you’ve input the JSON, try web browsing on a configured test device. Sites not included in the Allowlist should be blocked.
About the JSON (v86+)
{
"URLBlocklist": [
"String"
],
"URLAllowlist": [
"String1","String2", "String3"
],
"HomepageLocation": "String",
"ForceGoogleSafeSearch": "String",
"IncognitoModeAvailability": "String"
}
JSON Object Inputs
In the example above, we blocked every site except the example websites. However, a user may still be able to browse to "https://www.website1.com/page1". When a user searches for the site, they’ll need to put in the URL exactly as it appears in the Allowlist (so they won’t be able to use just "website1.com").
URLBlockList: As we mentioned before, every URL is blocked. We use the “*” to demonstrate this. You can also block specific sites by separating each of them by a comma.
URLAllowList: We’ve put just three allowed sites in our list, but often this may be a long list. Separate each website by a comma.
HomepageLocation: Set a homepage or landing page for the Chrome app.
ForceGoogleSafeSearch: Expects “true” or “false”. Read more about using SafeSearch.
IncognitoModeAvailability: Expects “0”, “1”, or “2”. Indicate if Incognito mode should be available (“0”), disabled (“1”), or forced for every session (“2”). Note that 'Forced' does not work for Android-on-Chrome.
Looking for an API solution? Check out our blog!
In this article:
- Block URLs with JSON
- About the JSON
Block URLs with JSON
In this example, we’ll create a block list and allow list (also known as a blacklist and whitelist) for the Google Chrome app.
Step 1: Select the Group or Devices.
To get started, go to the Group or Device you want to configure. Then, click on the Apps tab.
Step 2: Configure the app.
Locate the Google Chrome app and ensure it’s in the “Show” state.
Next, click on the ellipsis (...) and select Managed Configurations. This is also where you can toggle the App State if it's in the “Hide” state by selecting Set App State.
Step 3: Input JSON.
In the Managed Configurations modal, click Edit.
Then input the following JSON:
{
"URLBlacklist": [
"*"
],
"URLWhitelist": [
"https://www.website1.com",
"https://www.website2.com",
"https://www.website3.com"
],
"HomepageLocation": "https://esper.io",
"ForceGoogleSafeSearch": "true",
"IncognitoModeAvailability": "1"
}
In this example, we’ve blocked every site except the three examples explicitly listed above. This probably isn’t your desired behavior. If your organization keeps a list of allowed and blocked sites, this is where you can copy and paste it. Remember to update this JSON code as your needs change.
Step 3: Test the blacklist and whitelist.
Once you’ve input the JSON, try web browsing on a configured test device. Sites not included in the Whitelist should be blocked.
About the JSON
{
"URLBlacklist": [
"String"
],
"URLWhitelist": [
"String1","String2", "String3"
],
"HomepageLocation": "String",
"ForceGoogleSafeSearch": "String",
"IncognitoModeAvailability": "String"
}
JSON Object Inputs
In the example above, we blocked every site except the example websites. However, a user may still be able to browse to "https://www.website1.com/page1". When a user searches for the site, they’ll need to put in the URL exactly as it appears in the Whitelist (so they won’t be able to use just "website1.com").
URLBlackList: As we mentioned before, every URL is blocked. We use the “*” to demonstrate this. You can also block specific sites by separating each of them by a comma.
URLWhiteList: We’ve put just three allowed sites in our list, but often this may be a long list. Separate each website by a comma.
HomepageLocation: Set a homepage or landing page for the Chrome app.
ForceGoogleSafeSearch: Expects “true” or “false”. Read more about using SafeSearch.
IncognitoModeAvailability: Expects “0”, “1”, or “2”. Indicate if Incognito mode should be available (“0”), disabled (“1”), or forced for every session (“2”). Note that 'Forced' does not work for Android-on-Chrome.
Looking for an API solution? Check out our blog!